[Contents] [Prev] [Next] [Index] [Report an Error]

Extracting RADIUS Attributes with the Pseudo–RADIUS Authorization Server (SRC CLI)

The pseudo–RADIUS authorization server extracts RADIUS attribute values from the MX-series router for which it receives access requests.

Tasks to configure the RADIUS attribute value extraction are:

Extracting Interface Name Attribute Values

The interface name value is the subscriber line interface. This value is extracted from the NAS-Port-ID attribute. The default settings for this configuration are sufficient for most applications.

Use the following configuration statements to extract the interface name value from the RADIUS access request:

slot number external-subscriber-monitor radius-attribute-extraction default interface-name {
regular-expression [regular-expression...];
}

To extract the interface name value:

  1. From configuration mode, access the configuration statement that configures RADIUS attribute extraction for the interface name value.
    user@host# edit slot 0 external-subscriber-monitor radius-attribute-extraction default interface-name
  2. (Optional) Specify the RADIUS attribute value format with a regular expression. You can group regular expressions by enclosing them in parentheses. The value for the interface is the part of the NAS-Port-ID matched by the first group in your regular expression. For more information about using regular expressions, see http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html.
    [edit slot 0 external-subscriber-monitor radius-attribute-extraction default interface-name]
    user@host# set regular-expression [regular-expression...]

    For example, to specify that the extracted interface name value is ge-0/0/3.0 from the NAS-Port attribute value of ge-0/0/3.0[:0-0]:

    [edit slot 0 external-subscriber-monitor radius-attribute-extraction default interface-name]
    user@host# set regular-expression ([a-zA-Z0-9-/.]+)\\[:.*

Extracting Virtual Router Name Attribute Values

In most cases, the virtual router name value is in the format default@<NAS-ID attribute>. The default settings extract a virtual router name in this format. If your environment is different, you can configure a different format for the extracted value.

Use the following configuration statements to extract the virtual router name value from the RADIUS access request:

slot number external-subscriber-monitor radius-attribute-extraction default virtual-router-name {
id id;
vsa;
vsa-id vsa-id;
regular-expression [regular-expression...];
type (raw-byte | chars);
prefix prefix;
}

To extract the virtual router name value:

  1. From configuration mode, access the configuration statement that configures RADIUS attribute extraction for the virtual router name value.
    user@host# edit slot 0 external-subscriber-monitor radius-attribute-extraction default virtual-router-name
  2. Specify the RADIUS attribute identifier.
    [edit slot 0 external-subscriber-monitor radius-attribute-extraction default virtual-router-name]
    user@host# set id id
  3. (Optional) Specify whether the RADIUS attribute is a vendor-specific attribute.
    [edit slot 0 external-subscriber-monitor radius-attribute-extraction default virtual-router-name]
    user@host# set vsa
  4. (Optional) Specify the RADIUS vendor-specific attribute identifier.
    [edit slot 0 external-subscriber-monitor radius-attribute-extraction default virtual-router-name]
    user@host# set vsa-id vsa-id
  5. (Optional) Specify the RADIUS attribute value format with a regular expression. You can group regular expressions by enclosing them in parentheses. The value for the interface is the part of the NAS-Port-ID matched by the first group in your regular expression. For more information about using regular expressions, see http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html.
    [edit slot 0 external-subscriber-monitor radius-attribute-extraction default virtual-router-name]
    user@host# set regular-expression [regular-expression...]

    For example:

    [edit slot 0 external-subscriber-monitor radius-attribute-extraction default virtual-router-name]
    user@host# set regular-expression ([a-zA-Z0-9-/.]+)\\[:.*
  6. (Optional) Specify the value type of this RADIUS attribute.
    [edit slot 0 external-subscriber-monitor radius-attribute-extraction default virtual-router-name]
    user@host# set type (raw-byte | chars)

    where:

  7. (Optional) Specify the prefix that is prepended to the extracted RADIUS attribute value.
    [edit slot 0 external-subscriber-monitor radius-attribute-extraction default virtual-router-name]
    user@host# set prefix prefix
[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.